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~ The MAILING DATE of this communication appears on the cover sheet with the correspondence address- 

All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included 
herewith (or previously mailed), a Notice of Allowance (PTOL-85) or other appropriate communication will be mailed in due course. THIS 
NOTICE OF ALLOWABILITY IS NOT A GRANT OF PATENT RIGHTS. This application is subject to withdrawal from issue at the initiative 
of the Office or upon petition by the applicant. See 37 CFR 1.313 and MPEP 1308. 

1 . |EI This communication is responsive to the amendments filed on 09/15/09 and the interview conducted on 09/25/09. 

2. The allowed claim(s) is/are 1-4,7-11,13-16,19 and 20 . 

3. □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a) □ All b)DSome* c) □ None of the: 

1. □ Certified copies of the priority documents have been received. 

2. □ Certified copies of the priority documents have been received in Application No. . 

3. □ Copies of the certified copies of the priority documents have been received in this national stage application from the 

International Bureau (PCT Rule 17.2(a)). 
* Certified copies not received: . 

Applicant has THREE MONTHS FROM THE "MAILING DATE" of this communication to file a reply complying with the requirements 
noted below. Failure to timely comply will result in ABANDONMENT of this application. 
THIS THREE-MONTH PERIOD IS NOT EXTENDABLE. 

4. □ A SUBSTITUTE OATH OR DECLARATION must be submitted. Note the attached EXAMINER'S AMENDMENT or NOTICE OF 

INFORMAL PATENT APPLICATION (PTO-152) which gives reason(s) why the oath or declaration is deficient. 

5. □ CORRECTED DRAWINGS ( as "replacement sheets") must be submitted. 

(a) □ including changes required by the Notice of Draftsperson's Patent Drawing Review ( PTO-948) attached 

1 ) □ hereto or 2) □ to Paper No./Mail Date . 

(b) □ including changes required by the attached Examiner's Amendment / Comment or in the Office action of 

Paper No./Mail Date . 

Identifying indicia such as the application number (see 37 CFR 1.84(c)) should be written on the drawings in the front (not the back) of 
each sheet. Replacement sheet(s) should be labeled as such in the header according to 37 CFR 1.121(d). 

6. □ DEPOSIT OF and/or INFORMATION about the deposit of BIOLOGICAL MATERIAL must be submitted. Note the 

attached Examiner's comment regarding REQUIREMENT FOR THE DEPOSIT OF BIOLOGICAL MATERIAL. 



Attachment(s) 

1 . □ Notice of References Cited (PTO-892) 

2. □ Notice of Draftperson's Patent Drawing Review (PTO-948) 

3. □ Information Disclosure Statements (PTO/SB/08), 

Paper No./Mail Date 

4. □ Examiner's Comment Regarding Requirement for Deposit 

of Biological Material 



5. □ Notice of Informal Patent Application 

6. □ Interview Summary (PTO-413), 

Paper No./Mail Date . 

7. ^ Examiner's Amendment/Comment 

8. □ Examiner's Statement of Reasons for Allowance 

9. □ Other . 
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EXAMINER'S AMENDMENT 

1 . An examiner's amendment to the record appears below. Should the changes and/or 
additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 
1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the 
payment of the issue fee. 

2. As per MPEP 713.04, a separate interview summary form is not provided as the 
substance of the interview has been summarized herein. 

Authorization for this examiner's amendment was given in a telephone interview with 
Richard Soderberg (No. 43,352) on 09/25/09. 

The application has been amended as follows: 

• Please amend Claims 1, 8 and 13 as follows: 

1 . A computer-readable medium included in a storage device and having embodied 
thereon a computer program configured to determine whether a user is permitted to access 
requested attributes of a business object when executing a software application of an enterprise 
information technology system, the medium storing one or more code segments configured to: 

use a permission object to determine whether a user associated with an entry in user 
information is permitted to access requested attributes of a data object associated with a data 
object type, wherein: 

the entry in the user information associates the user with a user affiliation, 

the permission object identifies: 

a user affiliation to which the permission object applies, 

a data object type to which the permission object applies such that the data object 
type identified by the permission object is associated with multiple attributes and each 
data object having the data object type identified by the permission object is associated 
with the multiple attributes, 
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a permission attribute identifying at least one of the multiple attributes, 
a permission value for the permission attribute, and 

an attribute access group having a subset of attributes of the multiple attributes, 
the subset of attributes being fewer than all of the multiple attributes, wherein the 
permission object is configured to use control access with the permission attribute when 
the permission attribute is included in the attribute access group subset of attributes and 
to use control access with the permission attribute when the permission attribute is not 
included in the attribute access group subset of attributes . 




wherein upon determination that: 

(1) the user affiliation that is associated with the user is the same user 
affiliation as the user affiliation to which the permission object applies, 

(2) the data object type of the data object is the same as the data object 
type to which the permission object applies, 

(3) a value of the permission attribute associated with the data object is 
consistent with the permission value for the permission attribute, and 

(4) at least one of the requested attributes of the data object corresponds to 
an attribute [[of| included in the attribute access group of the permission object, 

the user is permitted to access any of the requested attributes indicated by the 
attribute access group subset of attributes and not permitted to access any of the requested 
attributes not associated with indicated by the attribute access group subset of attributes , and 
wherein otherwise the user is denied access to all the requested attributes. 

8. A method for determining whether a user is permitted to access requested attributes of 
a business object when executing a software application of an enterprise information technology 
system, the method comprising: 

using a permission object included in a storage [[objectjjdevjce to determine whether a 
user associated with an entry in user information is permitted to access requested attributes of a 
data object associated with a data object type, wherein: 

the entry in the user information associates the user with a user affiliation, 

the permission object identifies: 
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a user affiliation to which the permission object applies, 

a data object type to which the permission object applies such that the data object 
type identified by the permission object is associated with multiple attributes and each 
data object having the data object type identified by the permission object is associated 
with the multiple attributes, 

a permission attribute identifying at least one of the multiple attributes, 

a permission value for the permission attribute, and 

an attribute access group having a subset of attributes of the multiple attributes, 
the subset of attributes being fewer than all of the multiple attributes, wherein the 
permission object is configured to use control access with the permission attribute when the 
permission attribute is included in the attribute access group subset of attributes and to use 
control access with the permission attribute when the permission attribute is not included in the 
attribute access group subset of attributes , 

wherein upon determination by a processor that 

(1) the user affiliation that is associated with the user is the same user affiliation 
as the user affiliation to which the permission object applies, 

(2) the data object type of the data object is the same as the data object type to 
which the permission object applies, 

(3) a value of the permission attribute associated with the data object is consistent 
with the permission value for the permission attribute, and 

(4) at least one of the requested attributes of the data object corresponds to an 
attribute [[of]]included_in the attribute access group of the permission object, 

the user is permitted [ [using] ]by the processor to access any of the requested attributes 
indicated by the attribute access group subset of attributes , and wherein otherwise the user is 
denied access to all the requested attributes. 

13. (Currently Amended) A computer system for determining whether a user is permitted 
to access requested attributes of a data object when executing a software application of an 
enterprise information technology system, the system tangibly embodied and comprising: 

a processor; 
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a storage device including a data repository for access control information for software 
having data objects, each data object 

(1) being associated with a data object type having multiple attributes, 

(2) having the multiple attributes of the data object type to which the data object 
is associated, and 

(3) having a value associated with each attribute of the multiple attributes, 
the data repository including: 

user information that associates a user affiliation with a user of the 
software application, and 

permission information having multiple permission objects, each 
permission object identifying: a user affiliation to which the permission object applies, a 
data object type to which the permission object applies, a permission attribute identifying 
one of the multiple attributes, a permission value for the permission attribute, and an 
attribute access group having a subset of attributes of the multiple attributes, the subset of 
attributes being fewer than all of the multiple attributes, wherein the permission object is 
configured to us© control access with the permission attribute when the permission 
attribute is included in the attribute access group subset of attributes and to use control 
access with the permission attribute when the permission attribute is not included in the 
attribute access group subset of attributes ; and 
an executable software module executed by the processor that causes: 

a comparison of a value of a requested attribute of the multiple attributes of a data 
object such that the attribute of the multiple attributes corresponds to the permission 
attribute of a permission object with the permission value of the permission object, 

a comparison of at least one attribute of the data object that the user seeks to 
access such that the attribute sought to be accessed corresponds to an attribute 
[[of]]inc!udedjn the attribute access group of the permission object, and 

an indication that a user is permitted to access any of the requested attributes 
indicated by the attribute access group subset of attributes and not permitted to access any 
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of the requested attributes not associated with indicated by the attribute access group 
subset of attributes when 

(1) the value of the attribute of the data object is consistent with the 
permission value of the permission object, and 

(2) at least one of the requested attributes of the data object corresponds to 
an attribute [[of]]included_in the attribute access group of the permission object, and 

wherein otherwise the user is denied access to all the requested attributes. 

3. The following is an examiner's statement of reasons for allowance: The arguments 
submitted by the Applicant on 09/15/09 have been considered and are persuasive, in particular 
those found on pages 13 and 14 of the remarks. Therefore, Claims 1-4, 7-11, 13-16, 19 and 20 
are deemed allowable over the prior art of record. 

Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for 
Allowance." 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to EDWARD ZEE whose telephone number is (571)270-1686. The 
examiner can normally be reached on Monday through Thursday 9:00AM-5:00PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

EZ 

September 27, 2009 
/Kimyen Vu/ 

Supervisory Patent Examiner, Art Unit 2435 



